HOR-280 Added restrictions to what can and cannot be used for sort argument in processList

2016-03-03 19:50:55 +00:00
parent 591d4f59c4
commit 18f5cea09b
1 changed files with 21 additions and 0 deletions
--- a/workflow/engine/methods/cases/proxyProcessList.php
+++ b/workflow/engine/methods/cases/proxyProcessList.php
@@ -45,6 +45,27 @@ try {
        $Criteria->setOffset( $start );
    }

+    $allowedSortField = array( 
+        "PRO_TITLE",
+        "PROJECT_TYPE",
+        "PRO_CATEGORY_LABEL",
+        "PRO_STATUS_LABEL",
+        "PRO_CREATE_USER_LABEL",
+        "PRO_CREATE_DATE",
+        "CASES_COUNT_TO_DO",
+        "CASES_COUNT_DRAFT",
+        "CASES_COUNT_COMPLETED",
+        "CASES_COUNT_CANCELLED",
+        "CASES_COUNT",
+        "PRO_DEBUG_LABEL",
+        "PRO_TYPE_PROCESS",
+        "PRO_UPDATE_DATE",
+    );
+    
+    if(!in_array($sort, $allowedSortField)) { 
+        $sort = '';
+    }
+
    if ($sort != '') {
        if ($dir == 'DESC') {
            $Criteria->addDescendingOrderByColumn( $sort );